Merge branch 'master' of github.com:Evolveum/midpoint

Evolveum · Oct 27, 2015 · 1a285d4 · 1a285d4
2 parents ebcec08 + 07cc610
commit 1a285d4
Show file tree

Hide file tree

Showing 6 changed files with 169 additions and 30 deletions.
diff --git a/...admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/dto/MyPasswordsDto.java b/...admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/dto/MyPasswordsDto.java
@@ -20,6 +20,8 @@
 import java.util.ArrayList;
 import java.util.List;
 
+import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPropagationUserControlType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordChangeSecurityType;
 import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
 
 /**
@@ -29,9 +31,13 @@ public class MyPasswordsDto implements Serializable {
 
     public static final String F_ACCOUNTS = "accounts";
     public static final String F_PASSWORD = "password";
+    public static final String F_OLD_PASSWORD = "oldPassword";
 
     private List<PasswordAccountDto> accounts;
     private ProtectedStringType password;
+    private CredentialsPropagationUserControlType propagation;
+    private PasswordChangeSecurityType passwordChangeSecurity;
+    private String oldPassword;
 
     public List<PasswordAccountDto> getAccounts() {
         if (accounts == null) {
@@ -47,4 +53,28 @@ public ProtectedStringType getPassword() {
     public void setPassword(ProtectedStringType password) {
         this.password = password;
     }
+
+    public void setPropagation(CredentialsPropagationUserControlType propagation) {
+        this.propagation = propagation;
+    }
+
+    public CredentialsPropagationUserControlType getPropagation() {
+        return propagation;
+    }
+
+    public PasswordChangeSecurityType getPasswordChangeSecurity() {
+        return passwordChangeSecurity;
+    }
+
+    public void setPasswordChangeSecurity(PasswordChangeSecurityType passwordChangeSecurity) {
+        this.passwordChangeSecurity = passwordChangeSecurity;
+    }
+
+    public String getOldPassword() {
+        return oldPassword;
+    }
+
+    public void setOldPassword(String oldPassword) {
+        this.oldPassword = oldPassword;
+    }
 }
diff --git a/...n-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/dto/PasswordAccountDto.java b/...n-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/dto/PasswordAccountDto.java
@@ -30,7 +30,7 @@ public class PasswordAccountDto extends Selectable implements Comparable<Passwor
     private String oid;
     private String displayName;
     private String resourceName;
-    private String cssClass;
+    private String cssClass = "";
     private boolean enabled;
     private boolean passwordOutbound;
     /**

diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfCredentials.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfCredentials.java
@@ -74,7 +74,9 @@ public class PageSelfCredentials extends PageSelf {
     private static final String OPERATION_LOAD_USER = DOT_CLASS + "loadUser";
     private static final String OPERATION_LOAD_ACCOUNT = DOT_CLASS + "loadAccount";
     private static final String OPERATION_SAVE_PASSWORD = DOT_CLASS + "savePassword";
+    private static final String OPERATION_CHECK_PASSWORD = DOT_CLASS + "checkPassword";
     private static final String OPERATION_LOAD_SHADOW = DOT_CLASS + "loadShadow";
+    private static final String OPERATION_GET_CREDENTIALS_POLICY = DOT_CLASS + "getCredentialsPolicy";
 
 
     private LoadableModel<MyPasswordsDto> model;
@@ -117,34 +119,52 @@ private MyPasswordsDto loadPageModel() {
 
             dto.getAccounts().add(createDefaultPasswordAccountDto(user));
 
-            PrismReference reference = user.findReference(UserType.F_LINK_REF);
-            if (reference == null || reference.getValues() == null) {
-                LOGGER.debug("No accounts found for user {}.", new Object[]{userOid});
-                return dto;
+            CredentialsPolicyType credentialsPolicyType = getPasswordCredentialsPolicy();
+            if (credentialsPolicyType != null) {
+                PasswordCredentialsPolicyType passwordCredentialsPolicy = credentialsPolicyType.getPassword();
+                if (passwordCredentialsPolicy != null) {
+                    CredentialsPropagationUserControlType propagationUserControl = passwordCredentialsPolicy.getPropagationUserControl();
+                    if (propagationUserControl != null) {
+                        dto.setPropagation(propagationUserControl);
+                    }
+                    PasswordChangeSecurityType passwordChangeSecurity = passwordCredentialsPolicy.getPasswordChangeSecurity();
+                    if (passwordChangeSecurity != null) {
+                        dto.setPasswordChangeSecurity(passwordChangeSecurity);
+                    }
+
+                }
+
             }
 
-            final Collection<SelectorOptions<GetOperationOptions>> options =
-                    SelectorOptions.createCollection(ShadowType.F_RESOURCE, GetOperationOptions.createResolve());
+            if (dto.getPropagation() == null || dto.getPropagation().equals(CredentialsPropagationUserControlType.USER_CHOICE)) {
+                PrismReference reference = user.findReference(UserType.F_LINK_REF);
+                if (reference == null || reference.getValues() == null) {
+                    LOGGER.debug("No accounts found for user {}.", new Object[]{userOid});
+                    return dto;
+                }
 
-            List<PrismReferenceValue> values = reference.getValues();
-            for (PrismReferenceValue value : values) {
-                subResult = result.createSubresult(OPERATION_LOAD_ACCOUNT);
-                try {
-                    String accountOid = value.getOid();
-                    task = createSimpleTask(OPERATION_LOAD_ACCOUNT);
+                final Collection<SelectorOptions<GetOperationOptions>> options =
+                        SelectorOptions.createCollection(ShadowType.F_RESOURCE, GetOperationOptions.createResolve());
 
-                    PrismObject<ShadowType> account = getModelService().getObject(ShadowType.class,
-                            accountOid, options, task, subResult);
+                List<PrismReferenceValue> values = reference.getValues();
+                for (PrismReferenceValue value : values) {
+                    subResult = result.createSubresult(OPERATION_LOAD_ACCOUNT);
+                    try {
+                        String accountOid = value.getOid();
+                        task = createSimpleTask(OPERATION_LOAD_ACCOUNT);
 
+                        PrismObject<ShadowType> account = getModelService().getObject(ShadowType.class,
+                                accountOid, options, task, subResult);
 
-                    dto.getAccounts().add(createPasswordAccountDto(account));
-                    subResult.recordSuccessIfUnknown();
-                } catch (Exception ex) {
-                    LoggingUtils.logException(LOGGER, "Couldn't load account", ex);
-                    subResult.recordFatalError("Couldn't load account.", ex);
+
+                        dto.getAccounts().add(createPasswordAccountDto(account));
+                        subResult.recordSuccessIfUnknown();
+                    } catch (Exception ex) {
+                        LoggingUtils.logException(LOGGER, "Couldn't load account", ex);
+                        subResult.recordFatalError("Couldn't load account.", ex);
+                    }
                 }
             }
-
             result.recordSuccessIfUnknown();
         } catch (Exception ex) {
             LoggingUtils.logException(LOGGER, "Couldn't load accounts", ex);
@@ -260,6 +280,37 @@ private PasswordAccountDto createPasswordAccountDto(PrismObject<ShadowType> acco
 
     private void onSavePerformed(AjaxRequestTarget target) {
         List<PasswordAccountDto> selectedAccounts = getSelectedAccountsList();
+
+        if (model.getObject().getPasswordChangeSecurity().equals(PasswordChangeSecurityType.OLD_PASSWORD)) {
+            LOGGER.debug("Check old password");
+            if (model.getObject().getOldPassword() == null
+                    || model.getObject().getOldPassword().trim().equals("")){
+                warn(getString("PageSelfCredentials.specifyOldPasswordMessage"));
+                target.add(getFeedbackPanel());
+                return;
+            } else {
+                OperationResult checkPasswordResult = new OperationResult(OPERATION_CHECK_PASSWORD);
+                Task checkPasswordTask = createSimpleTask(OPERATION_CHECK_PASSWORD);
+                try {
+                    ProtectedStringType oldPassword = new ProtectedStringType();
+                    oldPassword.setClearValue(model.getObject().getOldPassword());
+                    boolean isCorrectPassword = getModelInteractionService().checkPassword(user.getOid(), oldPassword,
+                            checkPasswordTask, checkPasswordResult);
+                    if (!isCorrectPassword) {
+                        warn(getString("PageSelfCredentials.incorrectOldPassword"));
+                        target.add(getFeedbackPanel());
+                        return;
+                    }
+                } catch (Exception ex) {
+                    LoggingUtils.logException(LOGGER, "Couldn't check password", ex);
+                    checkPasswordResult.recordFatalError("Couldn't check password." + ex.getMessage(), ex);
+                    target.add(getFeedbackPanel());
+                    return;
+                } finally {
+                    checkPasswordResult.computeStatus();
+                }
+            }
+        }
         if (selectedAccounts.isEmpty()) {
             warn(getString("PageSelfCredentials.noAccountSelected"));
             target.add(getFeedbackPanel());
@@ -279,7 +330,6 @@ private void onSavePerformed(AjaxRequestTarget target) {
 
 
             for (PasswordAccountDto accDto : selectedAccounts) {
-                if (accDto.getCssClass().equals(ChangePasswordPanel.SELECTED_ACCOUNT_ICON_CSS)) {
                     PrismObjectDefinition objDef = accDto.isMidpoint() ?
                             registry.findObjectDefinitionByCompileTimeClass(UserType.class) :
                             registry.findObjectDefinitionByCompileTimeClass(ShadowType.class);
@@ -289,7 +339,6 @@ private void onSavePerformed(AjaxRequestTarget target) {
                     Class<? extends ObjectType> type = accDto.isMidpoint() ? UserType.class : ShadowType.class;
 
                     deltas.add(ObjectDelta.createModifyDelta(accDto.getOid(), delta, type, getPrismContext()));
-                }
             }
             getModelService().executeChanges(deltas, null, createSimpleTask(OPERATION_SAVE_PASSWORD), result);
 
@@ -318,9 +367,14 @@ private void onSavePerformed(AjaxRequestTarget target) {
     private List<PasswordAccountDto> getSelectedAccountsList(){
         List<PasswordAccountDto> passwordAccountDtos = model.getObject().getAccounts();
         List<PasswordAccountDto> selectedAccountList = new ArrayList<>();
-        for (PasswordAccountDto passwordAccountDto : passwordAccountDtos){
-            if (passwordAccountDto.getCssClass().equals(ChangePasswordPanel.SELECTED_ACCOUNT_ICON_CSS)){
-                selectedAccountList.add(passwordAccountDto);
+        if (model.getObject().getPropagation() != null
+                && model.getObject().getPropagation().equals(CredentialsPropagationUserControlType.MAPPING)){
+            selectedAccountList.addAll(passwordAccountDtos);
+        } else {
+            for (PasswordAccountDto passwordAccountDto : passwordAccountDtos) {
+                if (passwordAccountDto.getCssClass().equals(ChangePasswordPanel.SELECTED_ACCOUNT_ICON_CSS)) {
+                    selectedAccountList.add(passwordAccountDto);
+                }
             }
         }
         return selectedAccountList;
@@ -374,4 +428,25 @@ private boolean getPasswordOutbound(PrismObject<ShadowType> shadow) {
         }
         return false;
     }
+
+    public PrismObject<UserType> getUser() {
+        return user;
+    }
+
+    private CredentialsPolicyType getPasswordCredentialsPolicy (){
+        LOGGER.debug("Getting credentials policy");
+        Task task = createSimpleTask(OPERATION_GET_CREDENTIALS_POLICY);
+        OperationResult result = new OperationResult(OPERATION_GET_CREDENTIALS_POLICY);
+        CredentialsPolicyType credentialsPolicyType = null;
+        try {
+            credentialsPolicyType = getModelInteractionService().getCredentialsPolicy(user, task, result);
+            result.recordSuccessIfUnknown();
+        } catch (Exception ex) {
+            LoggingUtils.logException(LOGGER, "Couldn't load credentials policy", ex);
+            result.recordFatalError("Couldn't load credentials policy." + ex.getMessage(), ex);
+        } finally {
+            result.computeStatus();
+        }
+        return credentialsPolicyType;
+    }
 }
diff --git a/...-gui/src/main/java/com/evolveum/midpoint/web/page/self/component/ChangePasswordPanel.html b/...-gui/src/main/java/com/evolveum/midpoint/web/page/self/component/ChangePasswordPanel.html
@@ -18,14 +18,16 @@
 <wicket:panel>
     <div class="row">
         <div class="col-md-2">
+            <div class="form-control-static" wicket:id="oldPasswordLabel"/>
             <div class="form-control-static" wicket:id="passwordLabel"/>
             <div class="form-control-static" wicket:id="confirmPasswordLabel"/>
         </div>
         <div class="col-md-3">
+            <input class="form-control input-sm" style="margin-bottom: 5px;" type="password" autocomplete="off" wicket:id="oldPassword"/>
             <div wicket:id="passwordPanel"/>
         </div>
     </div>
-    <div class="row">
+    <div wicket:id="accountsContainer" class="row">
         <div class="col-md-7">
             <div class="box box-default collapsed-box">
                 <div class="box-header with-border">

diff --git a/...-gui/src/main/java/com/evolveum/midpoint/web/page/self/component/ChangePasswordPanel.java b/...-gui/src/main/java/com/evolveum/midpoint/web/page/self/component/ChangePasswordPanel.java
@@ -1,7 +1,5 @@
 package com.evolveum.midpoint.web.page.self.component;
 
-import com.evolveum.midpoint.util.logging.Trace;
-import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.web.component.data.SelectableDataTable;
 import com.evolveum.midpoint.web.component.data.TablePanel;
 import com.evolveum.midpoint.web.component.data.column.*;
@@ -11,30 +9,39 @@
 import com.evolveum.midpoint.web.component.util.SimplePanel;
 import com.evolveum.midpoint.web.page.admin.home.dto.MyPasswordsDto;
 import com.evolveum.midpoint.web.page.admin.home.dto.PasswordAccountDto;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPropagationUserControlType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordChangeSecurityType;
 import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
 import org.apache.wicket.ajax.AjaxEventBehavior;
 import org.apache.wicket.ajax.AjaxRequestTarget;
+import org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior;
 import org.apache.wicket.extensions.markup.html.repeater.data.grid.ICellPopulator;
 import org.apache.wicket.extensions.markup.html.repeater.data.table.AbstractColumn;
 import org.apache.wicket.extensions.markup.html.repeater.data.table.IColumn;
 import org.apache.wicket.extensions.markup.html.repeater.data.table.PropertyColumn;
+import org.apache.wicket.markup.html.WebMarkupContainer;
 import org.apache.wicket.markup.html.basic.Label;
+import org.apache.wicket.markup.html.form.PasswordTextField;
 import org.apache.wicket.markup.repeater.Item;
 import org.apache.wicket.model.AbstractReadOnlyModel;
 import org.apache.wicket.model.IModel;
 import org.apache.wicket.model.Model;
 import org.apache.wicket.model.PropertyModel;
 
 import java.util.*;
+import java.util.List;
 
 /**
  * Created by Kate on 09.10.2015.
  */
 public class ChangePasswordPanel extends SimplePanel<MyPasswordsDto> {
     private static final String ID_PASSWORD_PANEL = "passwordPanel";
+    private static final String ID_OLD_PASSWORD_FIELD = "oldPassword";
     private static final String ID_PASSWORD_LABEL = "passwordLabel";
+    private static final String ID_OLD_PASSWORD_LABEL = "oldPasswordLabel";
     private static final String ID_CONFIRM_PASSWORD_LABEL = "confirmPasswordLabel";
     public static final String ID_ACCOUNTS_TABLE = "accounts";
+    public static final String ID_ACCOUNTS_CONTAINER = "accountsContainer";
     public static final String SELECTED_ACCOUNT_ICON_CSS = "fa fa-check-square-o";
     public static final String DESELECTED_ACCOUNT_ICON_CSS = "fa fa-square-o";
     public static final String PROPAGATED_ACCOUNT_ICON_CSS = "fa fa-sign-out";
@@ -54,22 +61,44 @@ public ChangePasswordPanel(String id, LoadableModel<MyPasswordsDto> model, MyPas
     protected void initLayout() {
         model = (LoadableModel) getModel();
 
+        Label oldPasswordLabel = new Label(ID_OLD_PASSWORD_LABEL, createStringResource("PageSelfCredentials.oldPasswordLabel"));
+        add(oldPasswordLabel);
+
         Label passwordLabel = new Label(ID_PASSWORD_LABEL, createStringResource("PageSelfCredentials.passwordLabel1"));
         add(passwordLabel);
 
         Label confirmPasswordLabel = new Label(ID_CONFIRM_PASSWORD_LABEL, createStringResource("PageSelfCredentials.passwordLabel2"));
         add(confirmPasswordLabel);
 
+        PasswordTextField oldPasswordField =
+                new PasswordTextField(ID_OLD_PASSWORD_FIELD, new PropertyModel(model, MyPasswordsDto.F_OLD_PASSWORD));
+        oldPasswordField.setRequired(false);
+        oldPasswordField.setResetPassword(false);
+        add(oldPasswordField);
+
+        if (model.getObject().getPasswordChangeSecurity() == null ||
+                model.getObject().getPasswordChangeSecurity().equals(PasswordChangeSecurityType.NONE)){
+            oldPasswordField.setVisible(false);
+            oldPasswordLabel.setVisible(false);
+        }
+
         PasswordPanel passwordPanel = new PasswordPanel(ID_PASSWORD_PANEL, new PropertyModel<ProtectedStringType>(model, MyPasswordsDto.F_PASSWORD));
         add(passwordPanel);
 
+        WebMarkupContainer accountContainer = new WebMarkupContainer(ID_ACCOUNTS_CONTAINER);
+
         List<IColumn<PasswordAccountDto, String>> columns = initColumns();
         ListDataProvider<PasswordAccountDto> provider = new ListDataProvider<PasswordAccountDto>(this,
                 new PropertyModel<List<PasswordAccountDto>>(model, MyPasswordsDto.F_ACCOUNTS));
         TablePanel accounts = new TablePanel(ID_ACCOUNTS_TABLE, provider, columns);
         accounts.setItemsPerPage(30);
         accounts.setShowPaging(false);
-        add(accounts);
+        if (model.getObject().getPropagation() != null && model.getObject().getPropagation()
+                .equals(CredentialsPropagationUserControlType.MAPPING)){
+            accountContainer.setVisible(false);
+        }
+        accountContainer.add(accounts);
+        add(accountContainer);
     }
 
     private List<IColumn<PasswordAccountDto, String>> initColumns() {

diff --git a/gui/admin-gui/src/main/resources/localization/Midpoint.properties b/gui/admin-gui/src/main/resources/localization/Midpoint.properties
@@ -2777,11 +2777,14 @@ PageAdmin.menu.top.roles.edit=Edit role
 PageAdmin.menu.top.users.org.edit=Edit organization
 PageSelfCredentials.tabs.password=Password
 PageSelfCredentials.title=Credentials
+PageSelfCredentials.oldPasswordLabel=Old password
 PageSelfCredentials.passwordLabel1=Password
 PageSelfCredentials.passwordLabel2=Confirm password
 PageSelfCredentials.accountMidpoint=MidPoint
 PageSelfCredentials.resourceMidpoint=MidPoint Repository
 PageSelfCredentials.noAccountSelected=Password not changed. No account was selected.
+PageSelfCredentials.incorrectOldPassword=Password not changed. Old password is incorrect.
+PageSelfCredentials.specifyOldPasswordMessage=Please, specify old password value
 ChangePasswordPanel.accountsTable.header=Password propagation
 ChangePasswordPanel.name=Name
 ChangePasswordPanel.resourceName=Resource